DocumentCode
1080065
Title
Web application security assessment tools
Author
Curphey, Mark ; Arawo, R.
Author_Institution
Foundstone, Mission Viejo, CA
Volume
4
Issue
4
fYear
2006
Firstpage
32
Lastpage
41
Abstract
Security testing a Web application or Web site requires careful thought and planning due to both tool and industry immaturity. Finding the right tools involves several steps, including analyzing the development environment and process, business needs, and the Web application´s complexity. Here, we describe the different technology types for analyzing Web applications and Web services for security vulnerabilities, along with each type´s advantages and disadvantages. At Foundstone, we work with some of the world´s biggest banks and telecommunications companies to identify and resolve security issues. Together with our clients, we face challenging testing scenarios in the context of demanding applications and complex business environments. We´ve seen firsthand what works and what doesn´t; what´s marketing hype and what gets results. Our analysis here is based on our collective experiences and the lessons we´ve learned along the way
Keywords
Internet; Web design; security of data; system monitoring; Web application analysis; Web application security assessment tool; Web service security vulnerability; Web site security testing; Application software; Computer architecture; Computer industry; Computer security; Data security; Drives; Information security; Privacy; Testing; Web services; Internet; security; web security;
fLanguage
English
Journal_Title
Security & Privacy, IEEE
Publisher
ieee
ISSN
1540-7993
Type
jour
DOI
10.1109/MSP.2006.108
Filename
1668000
Link To Document